<?php
	error_reporting(0);
	include_once('./src/connect.php');

	if ($_POST['old_pwd'] && $_POST['new_pwd']) {

		session_start();
		$username = $_SESSION['username'];

		$query = "SELECT password FROM ark_user WHERE username='".$username."'";
		$result = mysql_query($query, $link);
		list($password_db) = mysql_fetch_array($result);

		$old_pwd = trim($_POST['old_pwd']);
		$new_pwd = trim($_POST['new_pwd']);

		if (md5($old_pwd) == $password_db) {
			$query = "UPDATE ark_user SET password='".md5($new_pwd)."' WHERE username='".$username."'";
			mysql_query($query, $link);
			if (mysql_affected_rows() == 1) {
				session_start();
				session_destroy();
				header("Location: login.php");
			}
		}
		else {
			header("Location: change_pwd.php");
		}

	}

	require_once('./template/header.tpl.php');
?>

<form id="login" method="post" action="#"> 

    <h1>初始密码为学号</h1>
    
    <div>
    	<label for="old_pwd">旧密码</label> 
    	<input type="password" name="old_pwd" id="old_pwd" />
    </div>			

    <div>
    	<label for="new_pwd">新密码</label>
    	<input type="password" name="new_pwd" id="new_pwd" />
    </div>			
    			
    <div class="submit">
        <button type="submit">修改</button>   
    </div> 
</form>	

<?php
	require_once('./template/footer.tpl.php');
?>
